QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8932

Published: Jul 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[golang-announce] 20170523 [security] Go 1.7.6 and Go 1.8.2 are released

mailing-list

x_refsource_MLIST

https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2017:1650

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2017:1649

vendor-advisory

x_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=1455191

x_refsource_MISC

https://github.com/golang/go/issues/20040

x_refsource_CONFIRM

https://go-review.googlesource.com/c/41070/

x_refsource_CONFIRM

FEDORA-2017-278f46fcd6

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.